
List:       jakarta-commons-user
Subject:    Is Commons File Upload FileItem.getName() Vulnerable for "Tainted filename read"?
From:       Thusitha Thilina Dayaratne <thusithathilina () gmail ! com>
Date:       2016-08-16 4:42:31
Message-ID: CANVncXD4JYqM9drAU9mxo5qAUqa+yTW=PSCTfrkDUOPEJaD55g () mail ! gmail ! com


Hi,

I did a Find Security Bugs scan for one of my projects which uses
commons-fileupload. The tool reports that the code segment below is suspicious
for Tainted filename read.

String fileName = item.getName();

Could someone tell me whether there is protection against that in the
commons-fileupload implementation itself? Or do users have to manually check
and validate the file name?

Thanks
Thusitha
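
One way to validate the value returned by item.getName() before it is used in a file path, as an added example that is not part of the original message or of commons-fileupload. It treats the name as untrusted client input; the class name UploadNameCheck, the "uploads" directory and the sample names are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.regex.Pattern;

public class UploadNameCheck {
    // Allowlist: letters, digits, dot, underscore, hyphen; 1-100 chars; no leading dot.
    private static final Pattern SAFE = Pattern.compile("[A-Za-z0-9_-][A-Za-z0-9._-]{0,99}");

    /** Reduces a client-supplied name to a bare file name, or throws if nothing safe remains. */
    static String safeName(String clientName) throws IOException {
        if (clientName == null) throw new IOException("missing file name");
        // A client may send a full path; keep only what follows the last / or \.
        int cut = Math.max(clientName.lastIndexOf('/'), clientName.lastIndexOf('\\'));
        String base = clientName.substring(cut + 1);
        // Rejects "", "..", dot-files, NUL and any character outside the allowlist.
        if (!SAFE.matcher(base).matches()) throw new IOException("rejected file name");
        return base;
    }

    /** Resolves the name under uploadDir and verifies the result stays inside it. */
    static Path target(Path uploadDir, String clientName) throws IOException {
        Path root = uploadDir.toAbsolutePath().normalize();
        Path dest = root.resolve(safeName(clientName)).normalize();
        if (!dest.startsWith(root) || dest.equals(root)) {
            throw new IOException("path escapes upload directory");
        }
        return dest;
    }

    public static void main(String[] args) {
        Path dir = Paths.get("uploads"); // hypothetical upload directory
        // Constructed sample values standing in for item.getName().
        String[] samples = {"report.pdf", "C:\\Users\\a\\cv.docx", "../../etc/passwd",
                            "..", ".htaccess", "a\u0000.jsp", ""};
        for (String s : samples) {
            try {
                System.out.println("accept -> " + target(dir, s));
            } catch (IOException e) {
                System.out.println("reject (" + e.getMessage() + ")");
            }
        }
    }
}
```

The path-bearing samples are reduced to their last component and stored under the upload directory; "..", the dot-file, the name containing NUL and the empty name are rejected.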

